Board
ESP32 Dev Module
Device Description
DevKitC
Hardware Configuration
Nothing connected, raw dev board.
Version
latest master (checkout manually)
IDE Name
VSCode
Operating System
Linux
Flash frequency
40MHz
PSRAM enabled
no
Upload speed
115200
Description
I think I have found a bug in the implementation of the NetworkClientSecure::setCACertBundle function. The bundle is passed as const uint8_t* and then sizeof is called on that argument inside the function. This will not return the size of the array but the size of the pointer passed into the function. It is then used in a call to esp_crt_bundle_set. When the library gets to the point of validating a certificate the following error is output:
esp-x509-crt-bundle: Invalid certificate bundle
This is because the proper bundle size is not being used. If I modify the function to accept a size parameter similar to how loadCertificate and loadPrivateKey do and then pass that size to the call to esp_crt_bundle_set function I am able to get a proper certificate validation.
This should also allow us to get around the stated limitation in the documentation that certificate bundles will not work in the Arduino IDE natively. I believe it would be possible to include a .S cert bundle or even construct one in C++ as a raw uint8_t array.
Sketch
Any sample using NetworkClientSecure will exhibit this issue if you call setCACertBundle
Debug Message
E (12665) esp-x509-crt-bundle: Invalid certificate bundle
Other Steps to Reproduce
No response
I have checked existing issues, online documentation and the Troubleshooting Guide
- I confirm I have checked existing issues, online documentation and Troubleshooting guide.
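
The failure mode reported above, as an added example that is not code from the issue, arduino-esp32 or ESP-IDF: a setter that takes `sizeof` of its pointer parameter hands a length-checking consumer 4 or 8 bytes, so a well-formed bundle is rejected. The bundle layout, `bundle_is_valid`, both setter names and the sample bytes are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for the consumer's bounds check. Assumed layout:
// 2-byte big-endian entry count, then per entry a 2-byte name length,
// a 2-byte key length, the name bytes and the key bytes.
static bool bundle_is_valid(const uint8_t *b, size_t size) {
    const size_t kBundleHdr = 2, kCertHdr = 4;
    if (b == nullptr || size < kBundleHdr + kCertHdr) return false;
    size_t count = (size_t(b[0]) << 8) | b[1];
    size_t off = kBundleHdr;
    for (size_t i = 0; i < count; ++i) {
        if (size - off < kCertHdr) return false;            // entry header past the end
        size_t name_len = (size_t(b[off]) << 8) | b[off + 1];
        size_t key_len  = (size_t(b[off + 2]) << 8) | b[off + 3];
        off += kCertHdr;
        if (name_len + key_len > size - off) return false;  // entry body past the end
        off += name_len + key_len;
    }
    return true;
}

// Pattern described in the report: sizeof on a pointer parameter yields the
// pointer width (4 or 8), never the length of the caller's array.
static bool set_bundle_sizeof_pointer(const uint8_t *bundle) {
    return bundle_is_valid(bundle, sizeof(bundle));
}

// Pattern proposed in the report: the caller supplies the real length.
static bool set_bundle_with_size(const uint8_t *bundle, size_t size) {
    return bundle_is_valid(bundle, size);
}

// Constructed 16-byte sample bundle with one entry (not a real certificate).
static const uint8_t kSampleBundle[] = {
    0x00, 0x01,                          // one entry
    0x00, 0x04, 0x00, 0x06,              // name_len = 4, key_len = 6
    'N', 'A', 'M', 'E',
    'K', 'E', 'Y', 'K', 'E', 'Y',
};

int main() {
    std::printf("sizeof(pointer) path accepted: %d\n",
                set_bundle_sizeof_pointer(kSampleBundle));
    std::printf("explicit size path accepted:   %d\n",
                set_bundle_with_size(kSampleBundle, sizeof(kSampleBundle)));
    return 0;
}
```

At the call site `sizeof(kSampleBundle)` is still the array length because the array has not yet decayed to a pointer, which is why the size has to be captured there and passed down.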